Not Paranoid Enough

Dammit. Despite thinking of myself as someone careful about these things, my web server was hacked earlier this morning. It’s my own fault though, as I’ve been getting a bit sloppy. I tested out AWStats a while back, left it installed, forgot about it, didn’t keep it updated, and of course the hack was then done through an AWStats flaw…

What I should have done was either 1) not have kept it installed, 2) placed a password check on it, 3) joined the AWStats announcements list, where I would have gotten a notice about the flaw earlier, or 4) used a distro where it would have been part of the standard packages and automatically updated.
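Option 2 above, a password check in front of AWStats, is a few lines of Apache configuration. The following is an added example and not the author's own setup: it assumes Apache 2.4 syntax, that awstats.pl lives in /usr/lib/cgi-bin/, that the password file is /etc/apache2/awstats.htpasswd, and that 192.0.2.0/24 stands in for whatever network the admin connects from.

```apache
# Added example (not from the post). Paths, the htpasswd file and the
# admin network range are assumptions; adjust them to the real install.

# Map /awstats/ to the CGI directory that holds awstats.pl (assumed path).
ScriptAlias /awstats/ "/usr/lib/cgi-bin/"

<Directory "/usr/lib/cgi-bin">
    Options +ExecCGI
    AddHandler cgi-script .pl

    # Authentication happens before the script is executed, so an
    # unauthenticated request never reaches awstats.pl at all.
    AuthType Basic
    AuthName "Server statistics"
    # Assumed location; create it with: htpasswd -c /etc/apache2/awstats.htpasswd admin
    AuthUserFile "/etc/apache2/awstats.htpasswd"

    # Both conditions must hold: a valid login AND a request from the
    # admin network (assumed range). Without RequireAll, several Require
    # lines in a Directory block are OR-ed together, which is weaker.
    <RequireAll>
        Require valid-user
        Require ip 192.0.2.0/24
    </RequireAll>
</Directory>
```

Create the password file with htpasswd, run apachectl configtest before reloading, and confirm from outside the admin range that /awstats/awstats.pl returns 401 or 403 rather than a stats page. If the tool is only run by hand now and then, the cheaper fix is still option 1: remove it until it is actually needed.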

Oh well. Fortunately, since I watch logs like a hawk, I noticed it and shut it down within 15 minutes of the initial break. Since the web server runs as ‘nobody’ it couldn’t actually damage anything; it just kicked off a script to port scan other systems. It’s still depressing to realize that you’ve helped make the problem worse though, even by only a little, and if I can’t find the time to admin this properly, maybe it’s not worth the hassle.

2 thoughts on “Not Paranoid Enough”

  1. Ya know… I haven’t done squat to AWStats since I first installed it, and I haven’t seen any evidence of tampering as of yet. Since I didn’t know about this either, there’s an upgrade going on as I write this.

    I doubt it’s much of a consolation, but I have the time and the ability, and I don’t really admin my server by the book either. I know I should, but Unix has a history of taking care of itself so well for me, I tend to get lazy about it. ;-)

    If ya want my $0.02 (and I rather imagine I’m charging too much sometimes :-) ), I wouldn’t let small snags on your line sway you too much. We’re in an era where this kinda thing is way too common, and you could have caught it a lot later than ya did.

    Oh, and pardon the fishing analogy. :-)

  2. ADDENDUM:
    I guess I should have stuck with the previous version of AWStats… Did the update, and now I can’t make Apache display it unless I mangle the paths and URL — and when I do so none of it displays correctly or uses any of the icons and other resources AWStats has.

    What a waste of time. :-P
